Integer overflow in SOAP (Simple Object Access Protocol) function in Genivia gSOAP allows execution of arbitrary code or denial of service, also known as Devil’s Ivy attack.
High
HPSBPI03566 Rev. 3
19-Sep-2017
09-Sep-2020
Execution of arbitrary code or Denial of Service
Source: HP Product Security Response Team (PSRT)
Reported by Check Point Software.
CVE ID |
Base Vector |
Base Score |
---|---|---|
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
8.1 High |
Learn more about CVSS 3.0 base metrics, which range from 0 to 10.
PSR-2017-0133
For a PGP-signed version of this security bulletin please write to: hp-security-alert@hp.com
CVE-2017-9765, PSR-2017-0133
HP has provided firmware updates for impacted printers as indicated in the table below. Follow these steps to obtain the updated firmware:
Go to www.hp.com.
Select Support at the top of the page, then click Software & drivers.
Enter the appropriate product name or model number from the table below into the search field.
Click Find.
Scroll down and click Firmware from the category list.
Click the Download button for appropriate firmware.
Find the products affected and the firmware version that resolves the vulnerabilities.
Find the products affected and the firmware version that resolves the vulnerabilities.
Product Name |
Model Number |
Firmware Revision |
---|---|---|
HP Color LaserJet Pro M154 |
T6B51A, T6B52A |
201709 (or later) |
HP Color LaserJet Pro M252 |
B4A21A, B4A22A |
201709 (or later) |
HP Color LaserJet Pro M254 |
T6B59A, T6B60A, T6B61A |
201709 (or later) |
HP Color LaserJet Pro M452 |
CF388A, CF389A, CF394A |
201709 (or later) |
HP Color LaserJet Pro MFP M180, M181 |
T6B70A, T6B71A, T6B74A |
201709 (or later) |
HP Color LaserJet Pro MFP M277, M274 |
B3Q10A, B3Q11A, B3Q17A, M6D61A |
201709 (or later) |
HP Color LaserJet Pro MFP M280, M281 |
T6B80A, T6B81A, T6B82A, T6B83A |
201709 (or later) |
HP Color LaserJet Pro MFP M377, M477 |
CF377A, CF378A, CF379A, M5H23A |
201709 (or later) |
HP Color LaserJet Pro MFP M476 |
CF385A, CF386A, CF387A |
201709 (or later) |
HP LaserJet Pro 400 M401 |
CF270A, CF274A, CF278A, CF285A, CF399A, CZ195A |
201709 (or later) |
HP LaserJet Pro 400 MFP M425 |
CF286A, CF288A |
201709 (or later) |
HP LaserJet Pro 500 color MFP M570 |
CZ271A, CZ272A |
201709 (or later) |
HP LaserJet Pro M102, M104, M106 |
G3Q34A, G3Q35A, G3Q36A, G3Q37A, G3Q39A |
201709 (or later) |
HP LaserJet Pro M15, M16, M17 |
W2G50A, W2G51A, W2G52A, W2G53A, Y5S43A |
201708 (or later) |
HP LaserJet Pro M201, M202 |
C6N20A, C6N21A, CF455A, CF456A |
201709 (or later) |
HP LaserJet Pro M203, M206, M118 |
4PA39A, G3Q46A, G3Q47A, G3Q48A, G3Q50A |
201709 (or later) |
HP LaserJet Pro M225, M226 |
C6N22A, C6N23A, CF484A, CF485A, CF486A |
201709 (or later) |
HP LaserJet Pro M402, M403 |
C5F92A, C5F93A, C5F94A, C5F95A, C5F96A, C5J91A, G3V21A, F6J41A, F6J42A, F6J43A, F6J44A |
201709 (or later) |
HP LaserJet Pro M435 |
A3E42A |
201709 (or later) |
HP LaserJet Pro M501 |
J8H60A, J8H61A |
201709 (or later) |
HP LaserJet Pro M521 |
A8P79A, A8P80A |
201709 (or later) |
HP LaserJet Pro M701, M706 |
B6S00A, B6S01A, B6S02A |
201709 (or later) |
HP LaserJet Pro MFP M130, M132, M134 |
G3Q57A, G3Q58A, G3Q59A, G3Q60A, G3Q61A, G3Q62A, G3Q63A, G3Q64A, G3Q65A, G3Q66A, G3Q67A, G3Q68A |
201709 (or later) |
HP LaserJet Pro MFP M29, M31 |
W2G54A, W2G55A, W2G56A, W2G57A, Y5S53A, Y5S50A, Y5S54A, Y5S55A |
201708 (or later) |
HP LaserJet Pro MFP M426, M427 |
C5F97A, C5F98A, C5F99A, F6W13A, F6W14A, F6W15A, F6W16A, F6W17A, F6W18A, F6W19A |
201709 (or later) |
HP LaserJet Ultra MFP M230 |
4PA41A, 4PA42A, 4PA44A, G3Q74A, G3Q75A, G3Q76A, G3Q77A, G3Q78A, G3Q79A |
201709 (or later) |
HP LaserJet Pro MFP M227, M148, M149 |
|
|
Find the products affected and the firmware version that resolves the vulnerabilities.
Product Name |
Model Number |
Firmware Revision |
---|---|---|
HP Officejet Pro X451dn Printer |
CN459A |
1819A(or later) |
HP Officejet Pro X451dw Printer |
CN463A |
1819A (or later) |
HP Officejet Pro X476dn Multifunction Printer |
CN460A |
1819A (or later) |
HP Officejet Pro X476dw Multifunction Printer |
CN461A |
1819A (or later) |
HP Officejet Pro X551dw Printer |
CV037A |
1819A (or later) |
HP Officejet Pro X576dw Multifunction Printer |
CN598A |
1819A (or later) |
HP PageWide 352dw Printer |
J6U57A, J6U57B |
001.1743A (or later) |
HP PageWide 377dw Multifunction Printer |
J9V80A, J9V80B |
001.1743A (or later) |
HP PageWide Managed P55250dw Printer series |
J6U51B, J6U55A, J6U55B, J6U55C, J6U55D |
001.1743A (or later) |
HP PageWide Managed P57750dw Multifunction Printer series HP PageWide Managed P52750dw Multifunction Printer |
J9V82A, J9V82B, J9V82C, J9V82D, J9V78B |
001.1743A (or later) |
HP PageWide Managed P75050dn Printer HP PageWide Managed P75050dw Printer |
W1B28A, Y3Z45A, Y3Z45B, Y3Z45C, Y3Z45D, W1B29A, Y3Z47A, Y3Z47B, Y3Z47C, Y3Z47D |
004.1743A (or later) |
HP PageWide Pro 452dn Printer series |
D3Q15A, D3Q15B, D3Q15D |
001.1743A (or later) |
HP PageWide Pro 452dw Printer series |
D3Q16A, D3Q16B, D3Q16C, D3Q16D |
001.1743A (or later) |
HP PageWide Pro 477dn Multifunction Printer series |
D3Q19A, D3Q19B, D3Q19D |
001.1743A (or later) |
HP PageWide Pro 477dw Multifunction Printer series |
D3Q20A, D3Q20B, D3Q20C, D3Q20D, W2Z53B |
001.1743A (or later) |
HP PageWide Pro 552dw Printer series |
D3Q17A, D3Q17B, D3Q17C, D3Q17D, 2DR21D, K9Z74A, K9Z74B, K9Z74D |
001.1743A (or later) |
HP PageWide Pro 577dw Multifunction Printer series |
D3Q21A, D3Q21B, D3Q21C, D3Q21D |
001.1743A (or later) |
HP PageWide Pro 577z Multifunction Printer series |
K9Z76A, K9Z76B, K9Z76D |
001.1743A (or later) |
HP PageWide Pro 750dn Printer |
Y3Z44A, Y3Z44B, Y3Z44C, Y3Z44D |
004.1743A (or later) |
HP PageWide Pro 750dw Printer |
A7W93A, Y3Z46A, Y3Z46B, Y3Z46C, Y3Z46D |
004.1743A (or later) |
HP PageWide Pro 772dn Multifunction Printer |
Y3Z54A, Y3Z54B, Y3Z54C, Y3Z54D |
004.1743A (or later) |
HP PageWide Pro 772dw Multifunction Printer |
W1B31A, W1B31B, W1B31C, W1B31D |
004.1743A (or later) |
Find the products affected and the firmware version that resolves the vulnerabilities.
Product Name |
Model Number |
Firmware Revision |
---|---|---|
HP AMP Printer |
T8X39A, T8X40A, T8X42A, T8X39D, T8X44A, 1SH08A, T8X40D, T8X39B, T8X39C, T8X40B |
1750B (or later) |
HP Deskjet 2540 All-in-One Printer |
K9B57B, K9B59A, K8T38A, K9B56A, D3A81A, A9U22A, A9U22B, A9U19A, K2W35A, A9U27A, A9U28B, D3A80A, J7V18B, D3A78B, D3A79A, D3A82A, J7V17B, J7V19B, K9B54A, E1E94B, K9B55A |
1949A (or later) |
HP DeskJet 2600 All-in-One Printer |
V1N01B, V1N01C, Y5H80A, Y5H68A, Y5H68D, 4UJ28B, V1N07A, Y5H67A, Y5H67D, Y5H69A, Y5H69D, V1N08A, Y5H60A, Y5H61A, Y5H62A, Y5H72D, V1N03B, V1N03C, V1N05B, V1N05C, V1N06B, V1N07B, Y5H63A, Y5H64A, Y5H65A, V1N05A, V1N01A, V1N03A, V1N04A |
1738A (or later) |
HP DeskJet 3700 All-in-One Printer |
J9V86A , J9V86B, J9V93B, J9V94B, J9V95B, J9V96B, J9V97B, T8W54A, T8W92A, T8W56A, T8W57A, T8W58A, T8W59A, T8W93A, T8W94A, T8X00B, T8X01B, T8X04B, T8X05B, T8X06B, T8X07B, T8X10B, T8X12B, T8W51A, T8W52A, J9V90A, J9V91A, J9V92A, T8W83A, T8W95A, T8X19B, T8W96A, T8X23B, T8X27B |
1750A (or later |
HP DeskJet GT 5820 All-in-One Printer |
2ND31A, M2Q28A, P0R21A, X3B09A, 1WW50A, 2ND32A, P0R22A |
1750B (or later) |
HP DeskJet Ink Advantage 2600 All-in-One Printer |
V1N02A, V1N02B, Y5Z00A, Y5Z03B, Y5Z04B, Y5Z02B |
1735A (or later) |
HP Deskjet Ink Advantage 3525 All-in-One Printer |
CX060A, CX061A, CZ275A, CZ275B, CZ275C |
1942A (or later) |
HP Deskjet Ink Advantage 3540 e-All-in-One Printer |
E6G69A, A9T81A, A9T81B, A9T81C, F9A24A, L5T77A, A9T82A, A9T84C, A9T83B |
2025A (or later) |
HP DeskJet Ink Advantage 3630 All-in-One Printer |
F5S44A, F5S44B, F5S44C, K4U06A, K4U07A, K4U08A, F5S45A, F5S53C, K4U05B, F5S46B |
1733B (or later) |
HP DeskJet Ink Advantage 3830 All-in-One Printer |
F5R96A, F5R96B, F5R96C, F5R97A, F5R98B |
1804A (or later) |
HP Deskjet Ink Advantage 4510 e-All-in-One Printer |
A9J41A, A9J41B, A9J41C, A9J42A, A9J43B |
1933A (or later) |
HP DeskJet Ink Advantage 4530 All-in-One Printer |
E6G68A, F0V64A, F0V64B, F0V64C, F0V65A, F0V66B |
1750B (or later) |
HP DeskJet Ink Advantage 4670 All-in-One Printer |
F1H97A, F1H97B, F1H97C, F1H98A, F1H99B |
1750B (or later) |
HP Deskjet Ink Advantage 5520 All-in-One Printer |
CX051A, CZ282A, CZ282B, CZ282C, E1P48A |
1942A (or later) |
HP DeskJet Ink Advantage 5570 All-in-One Printer |
G0V48B, G0V48C |
1741A (or later) |
HP DeskJet Ink Advantage 5645 All-in-One Printer |
B9S57C |
1821B (or later) |
HP DeskJet Ink Advantage Ultra 4720 All-in-One Printer |
F5S65A, F5S66A, L8L91A |
1733A (or later) |
HP DeskJet Ink Advantage Ultra 5730 All-in-One Printer |
F5S61A, F5S60A |
1733A (or later) |
HP Envy 120 e-All-in-One Printer |
CZ022A,CZ022B, CZ022C, CZ025A, CZ025C |
2002A (or later) |
HP Envy 120 e-All-in-One Printer |
CZ022A, CZ022B, CZ022C, CZ025A, CZ025C |
2002A (or later) |
HP ENVY 4500 e-All-in-One Printer |
N4E46A, A9T80A, A9T80B, D3P93A, F2K48A, K2M74A, C8D05A, A9T85A, A9T87B, E6G71B, A9T88B, A9T89A, C8D04A, A9T86A, D3P95A, E6G70B, E6G72B, D3P94A, D3P94B |
2025A (or later) |
HP ENVY 4510 All-in-One Printer |
K9H48A, K9H50A, K9H49A, K9H51A, K9H52A, K9H53A |
1750B (or later) |
HP ENVY 4520 All-in-One Printer |
E6G67A, E6G67B, F0V63A, F0V63B, F0V69A, J6U70B, K9T10B, F0V67A, F0V70B, F0V73A, J6U59B, J6U60B, W3U26A, F0V71B, F0V72B, J6U69A, K9T01A, K9T09B, K9T05B, J6U61B, K9T06B, K9T07B, K9T08B |
1750B (or later) |
HP ENVY 5530 e-All-in-One Printer |
A9J40A, A9J40B, A9J49A, A9J47A, K2M73A, A9J45A, A9J48B, A9J46A, D4J85B, A9J44A, K3Z41A, D4J86B, A9J48A |
1933A (or later) |
HP ENVY 5540 All-in-One Printer |
F2E72A, G0V47A, G0V52A, G0V53A, J6U66A, K7C85A, K7G89A, G0V51A, K7C86A, K7C87A, K7C88A, K7G90A, N9U88A, G0V54A, K7C89A, K7C93A, G0V50A, K7G88A, J6U67A, K7C90A, J6U64A, K7G87A, K7G86A |
1741A (or later) |
HP ENVY 5640, 5660 e-All-in-One Printer |
B9S56A, B9S58A, B9S59A, B9S61A, B9S62A, B9S63A, B9S64A, B9S65A, F8B04A, F8B05A, F8B06A, F8B07A, F8B08A, F8B12A, F8B13A, K5L42A, T5R62A |
1736A (or later) |
HP ENVY 7640 e-All-in-One Printer |
E4W43A, E4W43B, E4W47A, E4W45A, E4W46A, E4W44A |
1736A (or later) |
HP OfficeJet 200 Mobile Printer |
CZ993A, L9B95A |
1733A (or later) |
HP OfficeJet 202 Mobile Printer |
N4K99C, N4L14C |
1733A (or later) |
HP OfficeJet 250 Mobile All-in-One Printer |
CZ992A, L9D57A, N4L17A |
1802A (or later) |
HP OfficeJet 252 Mobile All-in-One Printer |
N4L16C, N4L18C |
1802A (or later) |
HP Officejet 3830 All-in-One Printer |
F5R95A, F5R95B, F5R95C, K7V40A, K7V36A, K7V45B, F5R99A, F5S01B, F5S03B, K7V37A, F5S02B, K7V44B |
1804A (or later) |
HP Officejet 4630 e-All-in-One Printer |
B4L03A, B4L03B, B4L03C, D4J76A, E6G81A, E6G81B, B4L07A, B4L05A, B4L06B, E6G85B, D4J74A, D4J78B, B4L04A,E6G86B, D4J75A, D4J77B |
2025A (or later) |
HP OfficeJet 4650 All-in-One Printer |
E6G87A, F1H96A, F1H96B, F1J03A, F1J04A, F9D37A, K9V77A, K9V85B, K9V83B, F1J02A, F1J05B, K9V84B, F1J06B, F1J07B, K9V76A, F1J00A, K9V79A, K9V82B, K9V81B, V6D27B, V6D29B, V6D28B, V6D30B |
1750B (or later) |
HP Officejet 5740 e-All-in-One Printer |
B9S76A, B9S78A, B9S79A, B9S83A, B9S81A, B9S84A, F8B11A, F8B10A, B9S82A, B9S85A, B9S80A, F8B09A, T1P36A |
1736A (or later) |
HP Officejet Pro 6230 ePrinter |
E3E03A |
1741A (or later) |
HP OfficeJet 7510 Wide Format All-in-One Printer |
G3J47A, K1Z44A |
1940A (or later) |
HP OfficeJet 7610 Wide Format e-All-in-One Printer |
CR769A |
2028B (or later) |
HP Officejet 7612 Wide Format e-All-in-One Printer |
G1X85A |
1943A (or later) |
HP Officejet Pro 251dw Printer |
J5W83A, CV136A |
2031A (or later) |
HP Officejet Pro 276dw Multifunction Printer |
J5W40A, CR770A |
2030D (or later) |
HP Officejet Pro 6830 Printer |
L3L04A, T6T84A, E3E02A, M0F56A, E3E02AR, J2D37A |
1739A (or later) |
HP OfficeJet Pro 7720, 7730 Printer |
G5J56A, , L3T99A, Y0S18A, Y0S19A |
1733A (or later) |
HP OfficeJet Pro 7740 Printer |
G5J38A, T1P99A |
1821B (or later) |
HP OfficeJet Pro 8210, 8216 Printer |
D9L63A, D9L64A, J3P65A, J3P66A, J3P67A, T0G70A, J3P68A |
1803A (or later) |
HP Officejet Pro 8610 e-All-in-One Printer |
T0K98A, E1D34A, D7Z36A, J5T77A, A7F64A |
1733A (or later) |
HP Officejet Pro 8620 e-All-in-One Printer |
A7F65A, K1Y99A, D7Z37A, CM750A |
1733A (or later) |
HP Officejet Pro 8630 e-All-in-One Printer |
A7F65A, A7F66A, K1Y99A, D7Z37A, CN577A |
1733A (or later) |
HP Officejet Pro 8640 e-All-in-One Printer |
K7U92A, E2D42A |
1733B (or later) |
HP Officejet Pro 8650 e-All-in-One Printer |
E1D36A |
1733B (or later) |
HP OfficeJet Pro 8710 Printer |
D9L18A, M9L66A, M9L67A, T0G46A, J6X76A, J6X78A, J6X80A, K7S37A, M9L70A, J6X77A, J6X81A, J6X79A, K7S38A, T0G47A, T0G48A, T0G49A, M9L65A |
1803A (or later) |
HP OfficeJet Pro 8720 Printer |
D9L19A, M9L74A, M9L75A, M9L76A, J7A28A, J7A31A, K7S34A, K7S35A, M9L80A, J7A29A, K7S36A, T0G54A |
1803A (or later) |
HP Officejet Pro 8730, 8740 Printer |
D9L20A, D9L21A, K7S42A, T0G65A, K7S39A, J6X83A, K7S43A, K7S40A, K7S41A |
1803A (or later) |
HP Photosmart 3525 e-All-in-One Printer |
CX052A, CX052B, CX052C, CX053C, CX056A, CX056AR, F6H93A, CX058A, E3P97A, CX055B, CX057A, CX054B, CX059A |
1942A (or later) |
HP Photosmart 5520 e-All-in-One Printer |
C7G19A, CX042A, CX042B, CX045C, CX046C, K8G35A, CX049C, CX044A, CX048B, CX047B, CX043A. CX043B |
1942A (or later) |
HP Photosmart 6520 e-All-in-One Printer |
CX017A, CX017B, CX020C, CX021C, CX018A, CX018B |
2024A (or later) |
HP Photosmart 7520 e-All-in-One Printer |
CZ045A, CZ045B, J6W59A, CZ046A |
1948A (or later) |
HP has provided firmware updates for impacted printers as indicated in the tables below.
Product Name |
Model Number |
Firmware Revision |
---|---|---|
HP DesignJet T830 24-in Multifunction Printer |
F9A28A, F9A28B, F9A28D, F9A28E |
1913C (or later) |
HP DesignJet T100 24-in Printer HP DesignJet T125 24-in Printer HP DesignJet T130 24-in Printer HP DesignJet T525 24-in Printer HP DesignJet T530 24-in Printer HP DesignJet T530 24-in Printer HP DesignJet T525 36-in Printer HP DesignJet T530 36-in Printer HP DesignJet T530 36-in Printer |
5ZY56A, 5ZY57A, 5ZY58A, 5ZY59A, 5ZY60A, 5ZY60B, 5ZY61A, 5ZY62A, 5ZY62B |
1910A (or later) |
HP DesignJet T520 24-in ePrinter HP DesignJet T120 24-in ePrinter HP DesignJet T520 36-in ePrinter |
CQ890A, CQ891A, CQ893A |
1907A (or later)(Rev A) |
HP DesignJet T520 36-in ePrinter HP DesignJet T520 36-in Printer HP DesignJet T520 36-in Printer (2018 edition) HP DesignJet T520 36-in Printer (2018 edition, legless) |
CQ890B, CQ890C, CQ890D, CQ891B, CQ891C, CQ893B, CQ893C, CQ893E |
1911B (or later)(Rev B/C) |
HP DesignJet T730 36-in Printer HP DesignJet T730 with Rugged Case HP DesignJet T830 36-in Multifunction Printer HP DesignJet T830 MFP with armor case HP DesignJet T830 MFP with Rugged Case |
F9A29A, F9A29B, F9A29D, F9A29E, F9A30A, F9A30B, F9A30C, F9A30D, F9A30E |
1913C (or later) |
This document has been revised according to the information below.
Version |
Description |
Date |
---|---|---|
3 |
Updated product list |
9-Sep-2020 |
2 |
Updated product list |
24-Aug-2020 |
1 |
Initial Release |
19-Sep-2017 |
Follow these links for additional information.
Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
For issues about implementing the recommendations of this Security Bulletin, visit http://www.hp.com/go/contacthp to learn about your HP support options.
To report a potential security vulnerability with any HP supported product, send email to: hp-security-alert@hp.com.
To view released Security Bulletins, visit https://support.hp.com/security-bulletins.
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Security Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.
© Copyright 2024 HP Development Company, L.P.
HP Inc. (HP) shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. "HP Inc.," "HP" and the names of HP products referenced herein are trademarks of HP Inc. or its affiliates in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.